The present invention relates to network computing and, more particularly, to a method of mitigating Denial-of-Service and Distributed-Denial-of-Service attacks.
In network computing, a Denial-of-Service attack is an attack whose purpose is to disrupt the normal service of a computer system or network. In many cases such attacks are carried out by overwhelming the computer system or network with a large number of packets, connections or requests. In some cases the attack is distributed, that is, carried out from multiple sources at once; such attacks are called Distributed-Denial-of-Service attacks.
For these attacks to be successful, it suffices to overload just one of the network components on the path to the server whose service is to be disrupted. Such a component could be a router, a switch, a load balancer or a security gateway.
In a typical network environment, servers are placed behind security gateways that perform one or more of several security functions, including:
Firewall
Virtual Private Networking
Intrusion Prevention
Application Control
In many cases, some or all of the packets belonging to Denial-of-Service and Distributed-Denial-of-Service attacks are blocked by these security gateways because the attack traffic violates one or more aspects of the gateways' security policies. Such violations include a packet matching a firewall drop rule, the use of an unauthorized application, or an attempt to exploit a vulnerability of a server.
Even if all of the packets, connections or requests that violate the security policies are blocked by a security gateway, the resources consumed on the gateway in order to evaluate those packets, connections or requests against the policies can be high, since the gateway must inspect each one before it can decide to drop it. This consumption degrades the ability of the system to provide normal service.
In addition, some of the traffic generated by the sources of an attack may be permitted under the current security policies and therefore be forwarded to the servers. This traffic can then overload the network or the servers and disrupt normal service.
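The two effects described in the preceding paragraphs can be made concrete with a small simulation. The following is an added illustration, not code or a method from the patent: it models a gateway that evaluates each packet against a first-match firewall table, an application-control check and a set of intrusion-prevention signatures, counts how many evaluations each packet costs, and tallies which packets are forwarded and from which source. The firewall rules, signatures, addresses (from the TEST-NET documentation ranges) and packet counts are all constructed for the example.

```python
"""Toy model of per-packet policy evaluation on a security gateway.

Added example, not from the patent text: it shows that packets the gateway
drops still cost evaluation work, and that policy-compliant traffic from an
attacking source is forwarded to the server. Every rule, signature, address
and packet count below is constructed for the illustration.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dport: int
    payload: bytes = b""


@dataclass(frozen=True)
class Rule:
    action: str                  # "accept" or "drop"
    src_net: str                 # CIDR the rule applies to
    dport: Optional[int] = None  # None matches any destination port


# Hypothetical first-match firewall policy (constructed).
FIREWALL_RULES = [
    Rule("drop", "0.0.0.0/0", 23),    # telnet blocked from anywhere
    Rule("accept", "0.0.0.0/0", 80),  # web allowed
    Rule("accept", "0.0.0.0/0", 443),
    Rule("drop", "0.0.0.0/0"),        # default deny
]
# Hypothetical IPS signatures, plain substring matches (constructed).
IPS_SIGNATURES = [b"../../", b"<script>", b"UNION SELECT"]
# Application control: only these HTTP methods are allowed on port 80.
ALLOWED_HTTP_METHODS = (b"GET ", b"HEAD ", b"POST ")


def evaluate(pkt: Packet) -> Tuple[str, int]:
    """Return (verdict, cost); cost counts rule and signature evaluations."""
    cost = 0
    for rule in FIREWALL_RULES:          # firewall: first match wins
        cost += 1
        if (ip_address(pkt.src) in ip_network(rule.src_net)
                and (rule.dport is None or rule.dport == pkt.dport)):
            if rule.action == "drop":
                return "drop:firewall", cost
            break
    if pkt.dport == 80:                  # application control on web traffic
        cost += 1
        if not pkt.payload.startswith(ALLOWED_HTTP_METHODS):
            return "drop:appcontrol", cost
    for sig in IPS_SIGNATURES:           # intrusion prevention
        cost += 1
        if sig in pkt.payload:
            return "drop:ips", cost
    return "forward", cost


@dataclass
class Stats:
    verdicts: Dict[str, int] = field(default_factory=dict)
    work_by_verdict: Dict[str, int] = field(default_factory=dict)
    forwarded_by_src: Dict[str, int] = field(default_factory=dict)


def simulate(packets: List[Packet]) -> Stats:
    """Run every packet through the gateway model and aggregate the results."""
    stats = Stats()
    for pkt in packets:
        verdict, cost = evaluate(pkt)
        stats.verdicts[verdict] = stats.verdicts.get(verdict, 0) + 1
        stats.work_by_verdict[verdict] = stats.work_by_verdict.get(verdict, 0) + cost
        if verdict == "forward":
            stats.forwarded_by_src[pkt.src] = stats.forwarded_by_src.get(pkt.src, 0) + 1
    return stats


def wasted_work_fraction(stats: Stats) -> float:
    """Share of evaluation work spent on packets that were dropped anyway."""
    total = sum(stats.work_by_verdict.values())
    dropped = sum(v for k, v in stats.work_by_verdict.items() if k != "forward")
    return dropped / total if total else 0.0


def build_traffic() -> List[Packet]:
    """Constructed flood: one attacking source and one legitimate client."""
    attacker, client = "203.0.113.7", "198.51.100.5"
    traffic: List[Packet] = []
    traffic += [Packet(attacker, 8080)] * 300                          # hits default deny
    traffic += [Packet(attacker, 80, b"GET /../../etc/passwd")] * 200  # passes firewall, IPS drops
    traffic += [Packet(attacker, 80, b"GET / HTTP/1.1")] * 100         # fully compliant, forwarded
    traffic += [Packet(client, 80, b"GET / HTTP/1.1")] * 10
    return traffic


if __name__ == "__main__":
    s = simulate(build_traffic())
    print(s.verdicts)
    print(s.work_by_verdict)
    print(s.forwarded_by_src)
    print(f"{wasted_work_fraction(s):.0%} of gateway work spent on dropped packets")
```

In this constructed mix the gateway drops 500 of the attacker's 600 packets, yet roughly three quarters of all evaluation work is spent on traffic that is ultimately discarded, and the 100 compliant packets from the attacking source reach the server alongside the legitimate client's 10. Both figures depend entirely on the assumed policy and traffic; the point is only that dropping traffic is not free and that a policy-compliant subset of an attack passes through.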
It would be highly advantageous to have a method of mitigating Denial-of-Service and Distributed-Denial-of-Service attacks that is more parsimonious with security gateway resources than known methods.